VLAN Management
This section describes the configuration model of VLAN management and provides examples of XML packets.
Data Model
The configuration model files matching VLAN management are huawei-vlan.yang, huawei-forward-traffic-security.yang and ietf-interfaces.yang.
Object |
Description |
Value |
Remarks |
|---|---|---|---|
/huawei-vlan:vlans/management-vlan/vlanid |
Indicates a management VLAN ID |
The value is an integer in the range from 1 to 4094. |
N/A |
/huawei-vlan:vlans/id |
Indicates a VLAN ID. |
The value is an integer in the range from 1 to 4094. |
N/A |
/huawei-vlan:vlan-pools/vlan-pool/name |
Indicates the name of a VLAN pool. |
The value is a string of 1 to 31 characters. The value cannot contain question marks (?) or spaces, and cannot begin or end with double quotation marks (" "). |
N/A |
/huawei-vlan:vlan-pools/vlan-pool/vlans |
Indicates the range of VLANs added to the VLAN pool. |
The value is in the format of start-vlan[..end-vlan ], where the value of start-vlan or end-vlan is an integer in the range from 1 to 4094. The value of start-vlan must be less than that of end-vlan. For example, 10..20 indicates that VLANs 10 to 20 are added to the VLAN pool. |
A nonexistent VLAN can also be added to a VLAN pool. However, you need to create the VLAN after adding a nonexistent VLAN to a VLAN pool; otherwise, the VLAN does not take effect. |
/huawei-vlan:vlan-pools/vlan-pool/assignment-method |
Indicates the VLAN assignment algorithm in a VLAN pool. |
The value is of the enumerated type:
|
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/port-link-type |
Indicates the type of an interface. |
The options are as follows:
|
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/default-vlan |
Indicates the default VLAN ID. |
The value is an integer in the range from 1 to 4094. |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/trunk |
Indicates the trunk type. |
- |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/trunk-vlan |
Indicates the VLANs allowed by a trunk interface. |
NOTE:
The VLAN range and VLAN list are mutually exclusive. |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/hybrid |
Indicates the hybrid type. |
- |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/hybrid/tagged-vlan |
Indicates the VLANs allowed by a hybrid interface. Frames of these VLANs pass through the interface in tagged mode. |
The value is an integer in the range from 1 to 4094. |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/hybrid/untagged-vlan |
Indicates the VLANs allowed by a hybrid interface. Frames of these VLANs pass through the interface in untagged mode. |
The value is an integer in the range from 1 to 4094. |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/name |
Indicates a VLAN name. |
The value is a string of 1 to 31 case-sensitive characters. The question mark (?) is not supported. |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/description |
Indicates the VLAN description. |
The value is a string of 1 to 255 case-sensitive characters. The question mark (?) is not supported. |
N/A |
/huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/ipv4-check-enable |
Indicates whether IPv4 packet check is enabled in a VLAN. |
The value is of the Boolean type:
The default value is false. |
N/A |
/huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/ipv6-check-enable |
Indicates whether IPv6 packet check is enabled in a VLAN. |
The value is of the Boolean type:
The default value is false. |
N/A |
/huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/arp-check-enable |
Indicates whether ARP packet check is enabled in a VLAN. |
The value is of the Boolean type:
The default value is false. |
N/A |
/huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/arp-check-alarm-enable |
Indicates whether the alarm function for ARP packet check is enabled in a VLAN. |
The value is of the Boolean type:
The default value is false. |
This object can be configured only when the /huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/arp-check-enable object is set to true. |
/huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/arp-check-alarm-threshold |
Specifies the alarm threshold for ARP packet check in a VLAN. |
The value is an integer in the range from 1 to 1000. |
This object can be configured only when the /huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/arp-check-alarm-enable object is set to true. |
/huawei-vlan:vlans/vlan/hw-traffic:traffic-security/ip-check-alarm-enable |
Indicates whether the alarm function for IP packet check is enabled in a VLAN. |
The value is of the Boolean type:
The default value is false. |
This object can be configured when either /huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/ipv4-check-enable or /huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/ipv6-check-enable is set to true. |
/huawei-vlan:vlans/vlan/hw-traffic:traffic-security/ip-check-alarm-threshold |
Specifies the alarm threshold for IP packet check in a VLAN. |
The value is an integer in the range from 1 to 1000. |
This object can be configured only when the /huawei-vlan:vlans/vlan/hw-traffic:traffic-security/ip-check-alarm-enable object is set to true. |
/huawei-vlan:vlans/vlan/ip-subnet-vlan/ip-prefix |
Indicates the source IP address or network address and mask length for IP subnet-based VLAN assignment. |
The value is in the format of ipv4-address/mask-length.
|
N/A |
/huawei-vlan:vlans/vlan/ip-subnet-vlan/priority |
Indicates the 802.1p priority of the VLAN associated with an IP address or subnet. |
The value is an integer in the range from 0 to 7. A larger value indicates a higher priority. The default value is 0. |
N/A |
/ietf-interfaces:interfaces/interface/huawei-vlan:ip-subnet-vlan-enable/enable |
Indicates whether IP subnet-based VLAN assignment is enabled on an interface. |
The value is of the Boolean type:
The default value is false. |
N/A |
/huawei-vlan:vlans/vlan/unknown-flow-drop |
Indicates whether unknown packet isolation is enabled in a VLAN. |
The value is of the Boolean type:
The default value is false. |
This function is supported only on the X series cards. |
/huawei-vlan:vlan-pools/vlan-pool/vlan-in-pools/vlan-in-pool/begin-vlan-id /huawei-vlan:vlan-pools/vlan-pool/vlan-in-pools/vlan-in-pool/end-vlan-id |
Specifies a VLAN range. |
The value is an integer in the range from 1 to 4094. begin-vlan-id and end-vlan-id together specify a VLAN range. The value of begin-vlan-id must be less than that of end-vlan-id. |
NA |
/huawei-vlan:vlan-pools/vlan-pool/vlan-in-pools/vlan-in-pool/max-user |
Specifies the maximum number of users in a VLAN. |
The value is an integer in the range from 1 to 10000. |
This object takes effect only when the VLAN assignment algorithm in the VLAN pool is set to hash. |
/huawei-vlan:vlan-pools/vlan-pool/lease/lease-time/unlimited |
Indicates that user entries in a VLAN pool do not age. |
- |
|
/huawei-vlan:vlan-pools/vlan-pool/lease/lease-time/day |
Specifies the aging time (in days) of user entries in a VLAN pool. |
The value is an integer in the range from 0 to 999, in days. The default value is 8 days. |
This object takes effect only when the VLAN assignment algorithm in the VLAN pool is set to hash. |
/huawei-vlan:vlan-pools/vlan-pool/lease/lease-time/hour |
Specifies the aging time (in hours) of user entries in a VLAN pool. |
The value is an integer in the range from 0 to 23, in hours. The default value is 0. |
This object takes effect only when the VLAN assignment algorithm in the VLAN pool is set to hash. |
/huawei-vlan:vlan-pools/vlan-pool/lease/lease-time/minute |
Specifies the aging time (in minutes) of user entries in a VLAN pool. |
The value is an integer in the range from 0 to 59, in minutes. The default value is 0. |
This object takes effect only when the VLAN assignment algorithm in the VLAN pool is set to hash. |
Changing the Management VLAN
This section describes how to change the management VLAN using the rpc method.
Operation |
XPATH |
|---|---|
rpc |
/huawei-vlan:vlans/management-vlan/vlanid |
Data requirement
Item |
Data |
Description |
|---|---|---|
VLAN ID |
100 |
Changes the management VLAN to VLAN 100. |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="17" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<huawei-vlan:vlans xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
<huawei-vlan:vlan>
<huawei-vlan:id>100</huawei-vlan:id>
</huawei-vlan:vlan>
<huawei-vlan:management-vlan>
<huawei-vlan:vlanid>100</huawei-vlan:vlanid>
</huawei-vlan:management-vlan>
</huawei-vlan:vlans>
</config>
</edit-config>
</rpc>
Response example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="17">
<ok/>
</rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="18">
<rpc-error>
<error-type>application</error-type>
<error-tag>operation-failed</error-tag>
<error-severity>error</error-severity>
<error-message>parse rpc config error.</error-message>
</rpc-error>
</rpc-reply>
Creating VLAN
This section describes how to create VLAN using the rpc method.
Operation |
XPATH |
|---|---|
rpc |
/huawei-vlan:vlans/id |
Data requirement
Item |
Data |
Description |
|---|---|---|
VLAN ID |
100 |
Indicates that VLAN 100 is created. |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="25" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<huawei-vlan:vlans xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
<huawei-vlan:vlan>
<huawei-vlan:id>100</huawei-vlan:id>
</huawei-vlan:vlan>
</huawei-vlan:vlans>
</config>
</edit-config>
</rpc>
Response example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="25">
<ok/>
</rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="26">
<rpc-error>
<error-type>application</error-type>
<error-tag>operation-failed</error-tag>
<error-severity>error</error-severity>
<error-message>parse rpc config error.</error-message>
</rpc-error>
</rpc-reply>
Adding Interfaces to VLAN
This section describes how to add interfaces to VLAN using the rpc method.
Operation |
XPATH |
|---|---|
edit-config:create |
/ietf-interfaces:interfaces/interface/huawei-vlan:vlan/id |
Data requirement
Item |
Data |
Description |
|---|---|---|
VLAN ID |
100, 101, 102 |
Adds interfaces to VLANs 100, 101, and 102. |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="6" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<if:interface>
<if:name>GigabitEthernet1/0/3</if:name>
<if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
<huawei-vlan:vlan xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
<huawei-vlan:port-link-type>trunk</huawei-vlan:port-link-type>
<huawei-vlan:trunk>
<huawei-vlan:trunk-vlan>100</huawei-vlan:trunk-vlan>
</huawei-vlan:trunk>
<huawei-vlan:trunk>
<huawei-vlan:trunk-vlan>101</huawei-vlan:trunk-vlan>
</huawei-vlan:trunk>
<huawei-vlan:trunk>
<huawei-vlan:trunk-vlan>102</huawei-vlan:trunk-vlan>
</huawei-vlan:trunk>
</huawei-vlan:vlan>
</if:interface>
</if:interfaces>
</config>
</edit-config>
</rpc>
Response example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
<ok/>
</rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">
<rpc-error>
<error-type>application</error-type>
<error-tag>operation-failed</error-tag>
<error-severity>error</error-severity>
<error-message>parse rpc config error.</error-message>
</rpc-error>
</rpc-reply>
Change VLAN description and name
This chapter mainly introduces the configuration description and name under xml based on VLAN.
Operation |
XPATH |
|---|---|
RPC |
/huawei-vlan:vlans/name /huawei-vlan:vlans/description |
Data requirement
Item |
Data |
Description |
|---|---|---|
VLAN name |
1000 |
Change the VLAN name to 1000 |
VLAN description |
2000 |
Change the VLAN description to 2000 |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<huawei-vlan:vlans xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
<huawei-vlan:vlan>
<huawei-vlan:id>100</huawei-vlan:id>
<huawei-vlan:name>1000</huawei-vlan:name>
<huawei-vlan:description>2000</huawei-vlan:description>
</huawei-vlan:vlan>
</huawei-vlan:vlans>
</config>
</edit-config>
</rpc>
Response example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0"> <ok/> </rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<rpc-error>
<error-app-tag>1</error-app-tag>
<error-message>Service process failed.</error-message>
<error-info>Error on node /huawei-vlan:vlans/vlan[id="100"]/description</error-info>
</rpc-error>
</rpc-reply>
Creating a VLAN Pool
This section provides a sample of configuring a VLAN pool using the config method.
Operation |
XPATH |
|---|---|
edit-config:config |
|
Data Requirements
Item |
Data |
Description |
|---|---|---|
Name of a VLAN pool |
april |
Name of the VLAN pool is april. |
Range of VLANs added to the VLAN pool |
10..20 |
Add VLAN 10 to VLAN 20 to the VLAN pool. |
VLAN assignment algorithm in a VLAN pool |
even |
Sets the VLAN assignment algorithm to even. |
Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="6" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<huawei-vlan:vlan-pools xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
<huawei-vlan:vlan-pool>
<huawei-vlan:name>april</huawei-vlan:name>
<huawei-vlan:vlans>10..20</huawei-vlan:vlans>
<huawei-vlan:assignment-method>even</huawei-vlan:assignment-method>
</huawei-vlan:vlan-pool>
</huawei-vlan:vlan-pools>
</config>
</edit-config>
</rpc>
Response Example
# Sample of successful response.
<?xml version='1.0' encoding='UTF-8'?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6"> <ok/> </rpc-reply>
# Sample of failed response.
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
<rpc-error>
<error-type>application</error-type>
<error-tag>operation-failed</error-tag>
<error-severity>error</error-severity>
<error-path>/huawei-vlan:vlan-pools/vlan-pool[name='april']/vlans[.='10-20']</error-path>
<error-message>parse rpc config error.(Invalid value in "vlans" element.).</error-message>
</rpc-error>
</rpc-reply>
Enabling IP packet check in a VLAN
This section describes how to enable IP packet check in a VLAN using the rpc method.
Operation |
XPATH |
|---|---|
edit-config:merge |
/huawei-vlan:vlans/id /huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/ipv4-check-enable /huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/ipv6-check-enable /huawei-vlan:vlans/vlan/huawei-traffic:traffic-security/arp-check-enable |
Data Requirements
Item |
Data |
Description |
|---|---|---|
VLAN ID |
100 |
- |
Whether IPv4 packet check is enabled in a VLAN |
true |
- |
Whether IPv6 packet check is enabled in a VLAN |
true |
- |
Whether ARP packet check is enabled in a VLAN |
true |
- |
Request Example
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<edit-config>
<target>
<running/>
</target>
<config>
<huawei-vlan:vlans xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
<huawei-vlan:vlan>
<huawei-vlan:id>100</huawei-vlan:id>
<hw-traffic:traffic-security xmlns:hw-traffic="urn:huawei:params:xml:ns:yang:huawei-traffic">
<hw-traffic:ipv4-check-enable>true</hw-traffic:ipv4-check-enable>
<hw-traffic:ipv6-check-enable>true</hw-traffic:ipv6-check-enable>
<hw-traffic:arp-check-enable>true</hw-traffic:arp-check-enable>
</hw-traffic:traffic-security>
</huawei-vlan:vlan>
</huawei-vlan:vlans>
</config>
</edit-config>
</rpc>
Response Example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1"> <ok/> </rpc-reply>
Sample of failed response
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="23">
<rpc-error>
<error-type>application</error-type>
<error-tag>operation-failed</error-tag>
<error-severity>error</error-severity>
<error-path>/huawei-vlan:vlans/vlan[id='100']/huawei-traffic:traffic-security/ipv4-check-enable</error-path>
<error-message>parse rpc config error.(Invalid value in "ipv4-check-enable" element.).</error-message>
</rpc-error>
</rpc-reply>
Configuring IP Subnet-based VLAN Assignment on an Interface
This section provides a sample of configuring IP subnet-based VLAN assignment on an interface using the edit-config method.
Operation |
XPATH |
|---|---|
edit-config:config |
/huawei-vlan:vlans/vlan/ip-subnet-vlan /ietf-interfaces:interfaces/interface/huawei-vlan:ip-subnet-vlan-enable/enable |
Data Requirements
Item |
Data |
|---|---|
VLAN ID |
5 |
Source IP address or network address and mask length for IP subnet-based VLAN assignment |
10.1.1.1/24 |
802.1p priority of the VLAN associated with an IP address or subnet |
3 |
Interface on which IP subnet-based VLAN assignment is enabled |
Eth-Trunk1 |
Whether IP subnet-based VLAN assignment is enabled on an interface |
true |
Request Example
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<edit-config>
<target>
<running/>
</target>
<config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<vlans xmlns="urn:huawei:params:xml:ns:yang:huawei-vlan">
<vlan nc:operation="replace">
<id>5</id>
<ip-subnet-vlan>
<ip-prefix>10.1.1.1/24</ip-prefix>
<priority>3</priority>
</ip-subnet-vlan>
</vlan>
</vlans>
<if:interfaces nc:operation="replace" xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<if:interface>
<if:name>Eth-Trunk1</if:name>
<if:type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</if:type>
<huawei-vlan:ip-subnet-vlan-enable xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
<huawei-vlan:enable>true</huawei-vlan:enable>
</huawei-vlan:ip-subnet-vlan-enable>
</if:interface>
</if:interfaces>
</config>
</edit-config>
</rpc>
Deletion Example
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<edit-config>
<target>
<running/>
</target>
<config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<vlans xmlns="urn:huawei:params:xml:ns:yang:huawei-vlan">
<vlan nc:operation="replace">
<id>5</id>
</vlan>
</vlans>
<if:interfaces nc:operation="replace" xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<if:interface>
<if:name>Eth-Trunk1</if:name>
<if:type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</if:type>
</if:interface>
</if:interfaces>
</config>
</edit-config>
</rpc>
Response Example
Sample of successful response
<?xml version="1.0" encoding="utf-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1"> <ok/> </rpc-reply>
Sample of failed response
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<rpc-error>
<error-app-tag>-1</error-app-tag>
<error-message> Invalid IP address.</error-message>
<error-info>Error on node /huawei-vlan:vlans/vlan[id="6"]</error-info>
</rpc-error>
</rpc-reply>